svn commit: samba r23973 - in branches: SAMBA_3_2/source/libads
SAMBA_3_2/source/utils SAMBA_3_2_0/source/libads
SAMBA_3_2_0/source/utils
gd at samba.org
gd at samba.org
Thu Jul 19 13:47:55 GMT 2007
Author: gd
Date: 2007-07-19 13:47:53 +0000 (Thu, 19 Jul 2007)
New Revision: 23973
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23973
Log:
For debugging, add (undocumented) net ads kerberos commands (kinit, renew,
pac).
Guenther
Modified:
branches/SAMBA_3_2/source/libads/authdata.c
branches/SAMBA_3_2/source/utils/net_ads.c
branches/SAMBA_3_2_0/source/libads/authdata.c
branches/SAMBA_3_2_0/source/utils/net_ads.c
Changeset:
Modified: branches/SAMBA_3_2/source/libads/authdata.c
===================================================================
--- branches/SAMBA_3_2/source/libads/authdata.c 2007-07-19 13:46:26 UTC (rev 23972)
+++ branches/SAMBA_3_2/source/libads/authdata.c 2007-07-19 13:47:53 UTC (rev 23973)
@@ -723,7 +723,7 @@
}
/* just for debugging, will be removed later - Guenther */
-static void dump_pac_logon_info(int lvl, PAC_LOGON_INFO *logon_info)
+void dump_pac_logon_info(int lvl, PAC_LOGON_INFO *logon_info)
{
DOM_SID dom_sid, res_group_dom_sid;
int i;
Modified: branches/SAMBA_3_2/source/utils/net_ads.c
===================================================================
--- branches/SAMBA_3_2/source/utils/net_ads.c 2007-07-19 13:46:26 UTC (rev 23972)
+++ branches/SAMBA_3_2/source/utils/net_ads.c 2007-07-19 13:47:53 UTC (rev 23973)
@@ -2505,6 +2505,111 @@
return net_run_function(argc, argv, func, net_ads_keytab_usage);
}
+static int net_ads_kerberos_usage(int argc, const char **argv)
+{
+ d_printf(
+ "net ads kerberos <COMMAND>\n"\
+ "<COMMAND> can be either:\n"\
+ " RENEW Renew TGT from existing credential cache\n"\
+ " PAC Dumps the Kerberos PAC\n"\
+ " KINIT Retrieve Ticket Granting Ticket (TGT)\n"\
+ "\n"
+ );
+
+ return -1;
+}
+
+static int net_ads_kerberos_renew(int argc, const char **argv)
+{
+ int ret = smb_krb5_renew_ticket(NULL, NULL, NULL, NULL);
+ if (ret) {
+ d_printf("failed to renew kerberos ticket: %s\n",
+ error_message(ret));
+ }
+ return ret;
+}
+
+static int net_ads_kerberos_pac(int argc, const char **argv)
+{
+ PAC_DATA *pac = NULL;
+ PAC_LOGON_INFO *info = NULL;
+ TALLOC_CTX *mem_ctx = NULL;
+ NTSTATUS status;
+ int ret = -1;
+
+ mem_ctx = talloc_init("net_ads_kerberos_pac");
+ if (!mem_ctx) {
+ goto out;
+ }
+
+ opt_password = net_prompt_pass(opt_user_name);
+
+ status = kerberos_return_pac(mem_ctx,
+ opt_user_name,
+ opt_password,
+ 0, &pac);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("failed to query kerberos PAC: %s\n",
+ nt_errstr(status));
+ goto out;
+ }
+
+ info = get_logon_info_from_pac(pac);
+ if (info) {
+ dump_pac_logon_info(0, info);
+ }
+
+ ret = 0;
+ out:
+ TALLOC_FREE(mem_ctx);
+ return ret;
+}
+
+static int net_ads_kerberos_kinit(int argc, const char **argv)
+{
+ TALLOC_CTX *mem_ctx = NULL;
+ int ret = -1;
+ NTSTATUS status;
+
+ mem_ctx = talloc_init("net_ads_kerberos_kinit");
+ if (!mem_ctx) {
+ goto out;
+ }
+
+ opt_password = net_prompt_pass(opt_user_name);
+
+ ret = kerberos_kinit_password_ext(opt_user_name,
+ opt_password,
+ 0,
+ NULL,
+ NULL,
+ NULL,
+ True,
+ True,
+ 2592000, /* one month */
+ &status);
+ if (ret) {
+ d_printf("failed to kinit password: %s\n",
+ nt_errstr(status));
+ }
+ out:
+ return ret;
+}
+
+int net_ads_kerberos(int argc, const char **argv)
+{
+ struct functable func[] = {
+ {"KINIT", net_ads_kerberos_kinit},
+ {"RENEW", net_ads_kerberos_renew},
+ {"PAC", net_ads_kerberos_pac},
+ {"HELP", net_ads_kerberos_usage},
+ {NULL, NULL}
+ };
+
+ return net_run_function(argc, argv, func, net_ads_kerberos_usage);
+}
+
+
int net_ads_help(int argc, const char **argv)
{
struct functable func[] = {
@@ -2546,6 +2651,7 @@
{"LOOKUP", net_ads_lookup},
{"KEYTAB", net_ads_keytab},
{"GPO", net_ads_gpo},
+ {"KERBEROS", net_ads_kerberos},
{"HELP", net_ads_help},
{NULL, NULL}
};
@@ -2566,6 +2672,11 @@
return net_ads_noads();
}
+int net_ads_kerberos(int argc, const char **argv)
+{
+ return net_ads_noads();
+}
+
int net_ads_usage(int argc, const char **argv)
{
return net_ads_noads();
Modified: branches/SAMBA_3_2_0/source/libads/authdata.c
===================================================================
--- branches/SAMBA_3_2_0/source/libads/authdata.c 2007-07-19 13:46:26 UTC (rev 23972)
+++ branches/SAMBA_3_2_0/source/libads/authdata.c 2007-07-19 13:47:53 UTC (rev 23973)
@@ -723,7 +723,7 @@
}
/* just for debugging, will be removed later - Guenther */
-static void dump_pac_logon_info(int lvl, PAC_LOGON_INFO *logon_info)
+void dump_pac_logon_info(int lvl, PAC_LOGON_INFO *logon_info)
{
DOM_SID dom_sid, res_group_dom_sid;
int i;
Modified: branches/SAMBA_3_2_0/source/utils/net_ads.c
===================================================================
--- branches/SAMBA_3_2_0/source/utils/net_ads.c 2007-07-19 13:46:26 UTC (rev 23972)
+++ branches/SAMBA_3_2_0/source/utils/net_ads.c 2007-07-19 13:47:53 UTC (rev 23973)
@@ -2505,6 +2505,111 @@
return net_run_function(argc, argv, func, net_ads_keytab_usage);
}
+static int net_ads_kerberos_usage(int argc, const char **argv)
+{
+ d_printf(
+ "net ads kerberos <COMMAND>\n"\
+ "<COMMAND> can be either:\n"\
+ " RENEW Renew TGT from existing credential cache\n"\
+ " PAC Dumps the Kerberos PAC\n"\
+ " KINIT Retrieve Ticket Granting Ticket (TGT)\n"\
+ "\n"
+ );
+
+ return -1;
+}
+
+static int net_ads_kerberos_renew(int argc, const char **argv)
+{
+ int ret = smb_krb5_renew_ticket(NULL, NULL, NULL, NULL);
+ if (ret) {
+ d_printf("failed to renew kerberos ticket: %s\n",
+ error_message(ret));
+ }
+ return ret;
+}
+
+static int net_ads_kerberos_pac(int argc, const char **argv)
+{
+ PAC_DATA *pac = NULL;
+ PAC_LOGON_INFO *info = NULL;
+ TALLOC_CTX *mem_ctx = NULL;
+ NTSTATUS status;
+ int ret = -1;
+
+ mem_ctx = talloc_init("net_ads_kerberos_pac");
+ if (!mem_ctx) {
+ goto out;
+ }
+
+ opt_password = net_prompt_pass(opt_user_name);
+
+ status = kerberos_return_pac(mem_ctx,
+ opt_user_name,
+ opt_password,
+ 0, &pac);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("failed to query kerberos PAC: %s\n",
+ nt_errstr(status));
+ goto out;
+ }
+
+ info = get_logon_info_from_pac(pac);
+ if (info) {
+ dump_pac_logon_info(0, info);
+ }
+
+ ret = 0;
+ out:
+ TALLOC_FREE(mem_ctx);
+ return ret;
+}
+
+static int net_ads_kerberos_kinit(int argc, const char **argv)
+{
+ TALLOC_CTX *mem_ctx = NULL;
+ int ret = -1;
+ NTSTATUS status;
+
+ mem_ctx = talloc_init("net_ads_kerberos_kinit");
+ if (!mem_ctx) {
+ goto out;
+ }
+
+ opt_password = net_prompt_pass(opt_user_name);
+
+ ret = kerberos_kinit_password_ext(opt_user_name,
+ opt_password,
+ 0,
+ NULL,
+ NULL,
+ NULL,
+ True,
+ True,
+ 2592000, /* one month */
+ &status);
+ if (ret) {
+ d_printf("failed to kinit password: %s\n",
+ nt_errstr(status));
+ }
+ out:
+ return ret;
+}
+
+int net_ads_kerberos(int argc, const char **argv)
+{
+ struct functable func[] = {
+ {"KINIT", net_ads_kerberos_kinit},
+ {"RENEW", net_ads_kerberos_renew},
+ {"PAC", net_ads_kerberos_pac},
+ {"HELP", net_ads_kerberos_usage},
+ {NULL, NULL}
+ };
+
+ return net_run_function(argc, argv, func, net_ads_kerberos_usage);
+}
+
+
int net_ads_help(int argc, const char **argv)
{
struct functable func[] = {
@@ -2546,6 +2651,7 @@
{"LOOKUP", net_ads_lookup},
{"KEYTAB", net_ads_keytab},
{"GPO", net_ads_gpo},
+ {"KERBEROS", net_ads_kerberos},
{"HELP", net_ads_help},
{NULL, NULL}
};
@@ -2566,6 +2672,11 @@
return net_ads_noads();
}
+int net_ads_kerberos(int argc, const char **argv)
+{
+ return net_ads_noads();
+}
+
int net_ads_usage(int argc, const char **argv)
{
return net_ads_noads();
More information about the samba-cvs
mailing list